Bug 491019 - Security Officer: Format Card operation to format a user card also formats a security officer card.
Security Officer: Format Card operation to format a user card also formats a ...
Status: CLOSED ERRATA
Product: Dogtag Certificate System
Classification: Community
Component: ESC (Show other bugs)
unspecified
All Linux
urgent Severity medium
: ---
: ---
Assigned To: Jack Magne
Chandrasekar Kannan
:
Depends On:
Blocks: 443788
  Show dependency treegraph
 
Reported: 2009-03-18 18:15 EDT by Asha Akkiangady
Modified: 2015-01-04 18:37 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-07-22 19:33:27 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
TPS UI fixes for this issue. (8.00 KB, patch)
2009-05-16 21:05 EDT, Jack Magne
no flags Details | Diff
TPS Base fixes for this issue. (1.28 KB, patch)
2009-05-16 21:07 EDT, Jack Magne
no flags Details | Diff
New file tps/forms/esc/cgi-bin/sow/is_agent.cgi (1.45 KB, application/x-cgi)
2009-05-16 21:09 EDT, Jack Magne
no flags Details
tps/forms/esc/cgi-bin/sow/is_user.cgi (1.48 KB, application/x-cgi)
2009-05-16 21:09 EDT, Jack Magne
no flags Details
ESC portion to really fix this issue. (5.30 KB, patch)
2009-06-13 17:12 EDT, Jack Magne
no flags Details | Diff
Patch to tps-ui to fix this issue. (2.18 KB, patch)
2009-06-13 18:45 EDT, Jack Magne
no flags Details | Diff

  None (edit)
Description Asha Akkiangady 2009-03-18 18:15:37 EDT
Description of problem:
Format Card operation for user card also formats a security officer card.

Version-Release number of selected component (if applicable):
CS 8.0

How reproducible:


Steps to Reproduce:
1. Enroll 2 security officer tokens, SOfficer1 and SOfficer2.
2. Login to SO workstation using SOfficer1 token.
3. Click on Format Card and insert SOfficer2 token.
4. Click Format
  
Actual results:
Formats the SOfficer2 card.

Expected results:
Should not format SOfficer2 token,  an Error message Format key failed should be displayed.

Additional info:
Comment 1 Jack Magne 2009-05-16 21:05:31 EDT
Created attachment 344308 [details]
TPS UI fixes for this issue.
Comment 2 Jack Magne 2009-05-16 21:07:35 EDT
Created attachment 344310 [details]
TPS Base fixes for this issue.
Comment 3 Jack Magne 2009-05-16 21:09:09 EDT
Created attachment 344311 [details]
New file tps/forms/esc/cgi-bin/sow/is_agent.cgi
Comment 4 Jack Magne 2009-05-16 21:09:48 EDT
Created attachment 344312 [details]
tps/forms/esc/cgi-bin/sow/is_user.cgi
Comment 6 Matthew Harmsen 2009-05-19 18:15:16 EDT
attachment (id=344308)
attachment (id=344310)
attachment (id=344311)
attachment (id=344312)
+mharmsen

CAVEATS:
* - functions look for a lower-case sensitive "uid=" that is extracted from an
    input parameter, $dn.  Although the current system always passes in a $dn
    variable that is lower-case, it may be better to convert the input
    parameter $dn to all lower-case prior to processing it.
* - the variable name $hostport is a confusing name for a variable that only
    contains the hostname
Comment 8 Jack Magne 2009-05-20 17:14:39 EDT
TPS UI changes


Sending        cgi-bin/sow/cfg.pl

Sending        cgi-bin/sow/format.html
Sending        cgi-bin/sow/formatso.html
Transmitting file data ...


Sending        esc/sow/util.js
Transmitting file data .
Committed revision 471.


Sending        dogtag-pki-tps-ui.spec
Transmitting file data .
Committed revision 472.

BASE TPS changes

Sending        sow/cfg.pl
Adding         sow/is_agent.cgi
Adding         sow/is_user.cgi
Transmitting file data ...
Committed revision 473.


Sending        pki-tps.spec
Transmitting file data .
Committed revision 474.
Comment 10 Jack Magne 2009-05-20 17:16:14 EDT
Fixes above should address this issue.
Comment 11 Asha Akkiangady 2009-06-11 15:40:50 EDT
Verification failed.

A security officer token gets formatted when a Format card operation in SO work station is performed on a security officer token.
Comment 12 Jack Magne 2009-06-11 17:56:36 EDT
This was a matter of a couple of .cgi files not being included in the tps rpm. This simple problem has been fixed. The next build should show this working correctly.
Comment 13 Jack Magne 2009-06-13 17:12:55 EDT
Created attachment 347772 [details]
ESC portion to really fix this issue.

It turns out that the uid of the user's certificate was not being correctly read from the token. The feature to see if the token's owner is a Security Officer or regular user, depends upon this.
Comment 14 Jack Magne 2009-06-13 18:45:31 EDT
Created attachment 347785 [details]
Patch to tps-ui to fix this issue.

Dogtag tps-ui changes.
Comment 16 Matthew Harmsen 2009-06-13 19:01:18 EDT
attachment (id=347772)
attachment (id=347785)
+mharmsen
Comment 18 Jack Magne 2009-06-13 19:47:56 EDT
$ cvs -d :ext:jmagne@cvs.fedora.redhat.com/cvs/dirsec commit -m "Bugzilla #4910
19 Security Officer: Format Card operation to format a user card also formats a
 security officer card."
ESC commits:


Enter passphrase for key '/home/jack/.ssh/id_rsa':

Checking in app/xpcom/rhCoolKey.cpp;
/cvs/dirsec/esc/src/app/xpcom/rhCoolKey.cpp,v  <--  rhCoolKey.cpp
new revision: 1.11; previous revision: 1.10
done
Checking in app/xpcom/rhICoolKey.idl;
/cvs/dirsec/esc/src/app/xpcom/rhICoolKey.idl,v  <--  rhICoolKey.idl
new revision: 1.8; previous revision: 1.7
done
Running syncmail...
Mailing relnotes@fedoraproject.org...
...syncmail done.
Running syncmail...
Mailing cvsdirsec@fedoraproject.org...
...syncmail done.
Checking in app/xul/esc/application.ini;
/cvs/dirsec/esc/src/app/xul/esc/application.ini,v  <--  application.ini
new revision: 1.9; previous revision: 1.8
done
Running syncmail...
Mailing relnotes@fedoraproject.org...
...syncmail done.
Running syncmail...
Mailing cvsdirsec@fedoraproject.org...
...syncmail done.
Checking in lib/coolkey/CoolKey.cpp;
/cvs/dirsec/esc/src/lib/coolkey/CoolKey.cpp,v  <--  CoolKey.cpp
new revision: 1.10; previous revision: 1.9
done
Checking in lib/coolkey/CoolKey.h;
/cvs/dirsec/esc/src/lib/coolkey/CoolKey.h,v  <--  CoolKey.h
new revision: 1.8; previous revision: 1.7
done
Checking in lib/coolkey/NSSManager.cpp;
/cvs/dirsec/esc/src/lib/coolkey/NSSManager.cpp,v  <--  NSSManager.cpp
new revision: 1.6; previous revision: 1.5
done
Checking in lib/coolkey/NSSManager.h;
/cvs/dirsec/esc/src/lib/coolkey/NSSManager.h,v  <--  NSSManager.h
new revision: 1.5; previous revision: 1.4
done
Running syncmail...
Mailing relnotes@fedoraproject.org...
...syncmail done.
Running syncmail...
Mailing cvsdirsec@fedoraproject.org...
...syncmail done.
Comment 19 Jack Magne 2009-06-13 19:51:48 EDT
svn commit -m "Bugzilla Bug #491019 - Security Officer: Format Card operation to format a user card."
Sending        dogtag/tps-ui/dogtag-pki-tps-ui.spec
Sending        dogtag/tps-ui/shared/cgi-bin/sow/formatso.html
Sending        dogtag/tps-ui/shared/docroot/esc/sow/util.js
Transmitting file data ...
Committed revision 610.
Comment 21 Jack Magne 2009-06-13 19:53:09 EDT
Issue fixed in next build of ESC and TPS.
Comment 22 Asha Akkiangady 2009-07-09 15:58:13 EDT
Verified.

Doing format card operation by providing a Security Officer token shows a dialog box with message "You can't Format a card that belongs to another Security Officer!".

Note You need to log in before you can comment on or make changes to this bug.